dated: 15th may 2014 information sharing agreement for the ... · information sharing agreement for...

Information Sharing Agreement for the Leeds Care Record

1

Dated: 15th

May 2014

Information Sharing Agreement

For The Leeds Care Record (LCR)


2

Document Control

1. Revision History

Issue

Date Revision Details

Version 1.4 Draft

1st March 2014 Full Revision

Version 1.5 Draft

20th March 2014 2nd revision following consultation with stakeholders

Version 1.6 Draft

10th April 2014 3rd revision following consultation with stakeholders

Version 1.7 Draft

11th April 2014 4th revision following consultation with stakeholders

Version 1.8 Draft

15th April 2014 5th revision following consultation with stakeholders

Version 2.0 24th April 2014 6th revision following consultation with stakeholders

Version 2.1 1st May 2014 Changes following additional proofreading

Version 2.2 8th May 2014 Changes to section 8 - removal of ISB standard 1572 which has since been withdrawn and replaced with supporting acts in place.

Version 2.3 13th May 2014 Removal of mental illness from the exclusion list (section 8)

Version 2.4 15th May 2014 Changes following additional proofreading (Section 8)

Background Information The overarching principle of the Leeds partner organisations is that information sharing between health and social care professionals and their teams when it is needed for the safe and effective care of the individual service user is supported, encouraged and expected. The Leeds Care Record (LCR) is under development and, when completed, will provide a common set of information about each service user that health and social care professionals working together will be able to access to help them provide even better joined-up care and support to patients. This Agreement supports the development of the LCR. In the interim period, sharing information within the care team in accordance with the wishes of the individual is an important part of fulfilling the duty of care and should continue under the current arrangements.


3


4

1. Introduction 1.1 The objective of integrated health and social care is to move away from isolated episodic care to a holistic approach, where those responsible for providing health, care and support work together to tailor and deliver a combination of services to meet the needs of the individual patient or service user.1 1.2 Sharing information is essential to ensure efficient joined-up services designed to give the best care and outcomes to an individual based on their personal needs and circumstances. The motto for integrated care services should be: ‘To care appropriately, you must share appropriately’.2 1.3 The Leeds Care Record (LCR) supports the delivery of integrated care by providing health and social care professionals with a single point of access to information about a service user, collected from their separate medical and care records. 1.4 Sharing such information is subject to information governance law, policy and procedures. 1.5 Service users must be informed about the LCR (including their right to opt- out) and:

a) Feel confident that personal information about them is held safely and securely;

b) understand how it is being collected and used, why it is being shared and with whom;

c) trust that it will only be shared appropriately when it is in their best interest; and

d) know what choices they have regarding the use of their personal information, the consequence of their decisions and how to raise concerns or exercise their rights in that respect.

1.6 It is also important that health and social care professionals and supporting staff understand and apply their legal and contractual duty to ensure their use of personal confidential data (PCD)3 is ethical and lawful and the rights of the service user are respected.

1 The term “service user” is a general term used within this document to mean any individual,

patient, social care client or user of services – anyone who receives health and social care services. 2 Information Governance Review: To Share or Not to Share? Department of Health March 2013

also referred to as “Caldicott 2”. 3 Personal Confidential Data is a term introduced by Caldicott2 to describe the full range of

information about an individual used within health and social care. See glossary for the full definition.


5

1.7 Registered professionals are also bound by the ethical codes of practice of their regulatory body. 1.8 The purpose of this document is to set out a common set of information governance rules that each party subject to this agreement will adopt to enable health and social care professionals supporting individual service users to share PCD via the LCR. 1.9 This document does not provide the legal basis for PCD to be shared. Consideration still has to be given to the legal implications that ensure fair and lawful processing. 1.10 This document does not provide legal advice. In some circumstances, it

may be necessary or prudent to seek legal advice. Nothing within this agreement would prevent or restrict a partner organisation from doing so, however it is advisable that the lawyer’s response to a request for advice is shared with the other parties and this agreement is revised accordingly in light of those recommendations.

1.9 Neither is this agreement legally binding or enforceable between the

signatory partners. Each partner is a Data Controller4 and legally responsible for ensuring their processing of personal data is fair and lawful and complies with the principles of the Data Protection Act 1998 (DPA).

1.10 Each Data Controller must also be a signatory party of the supporting LCR Data Processing Contract, which sets out the legal requirements for the operation of the LCR to ensure compliance with the DPA.

4 Data Controller is a legal person as defined in the Data Protection Act 1998 Part 1 Section 1 – see

Glossary.


6

2. Objectives 2.1 The objectives of this Agreement are to:

(a) ensure service user rights are respected and to minimise the risk of breaking the law;

(b) secure public trust by ensuring that legally required safeguards are in place and complied with;

(c) define the purposes for sharing PCD; (d) increase data sharing by setting out the principle for sharing PCD

about individual service users when it is in their best interest; (e) provide a framework for the secure management of PCD; (f) ensure staff have a better understanding of when and whether it is

acceptable to share PCD; (g) harmonise where possible and support the policies and procedures of

each partner organisation regarding the security and confidentiality of personal data; and

(h) define how the Agreement will be authorised, implemented, published, monitored and reviewed.

3. Duration and Scope 3.1 This document is an Information Sharing Agreement between the integrated health and social care partners in Leeds listed in Section 4 and will commence from 1st June 2014 3.2 It is specifically designed to support the development of the LCR to enable lawful sharing of PCD between the listed partner organisations to support integrated care where it is necessary for the safe, effective care of the individual service user. 3.3 This Agreement is supplemented by the policies, procedures and guidelines

of the partner organisations. 3.4 This Agreement is owned by the signatory parties. 3.5 On behalf of the signatory parties the Leeds Informatics Board (LIB)

Information Governance Sub-group, will undertake responsibility for the development of jointly agreed policy and procedure that is necessary to support this Agreement and outlined in Section 10; monitoring subsequent external developments in information governance policy and law that may impact on the agreed terms and conditions.


7

3.6 The LIB Information Governance Sub-group will ensure any proposed changes and updates to this agreement are communicated to the signatory parties and to the LCR Project Board. 3.7 The LCR Project Board will undertake responsibility for signing off the

proposed changes and updates on behalf of the signatory parties, ensuring a period of time has been allowed for consultation.

3.8 All signatories are responsible for communicating any concerns about the

proposed changes and updates to the LCR Project Board.

4. Health and Social Care signatory partners to this agreement.

Name/organisation Abbreviation Date Added

Leeds Teaching Hospital NHS Trust LTHT Leeds Community Healthcare NHS Trust LCHT Leeds City Council – Adult Social Care LCC Leeds & York Partnership NHS Foundation Trust LYPFT GP Practices (listed in Appendix A) GPs Others (to be added as they become signatory partners)

The list of signatures can be found at Section 15 and Appendix A.

5. The Conditions for Information Sharing 5.1 PCD should be shared between members of the care team when it is

needed for the safe and effective care of the individual. 5.2 Information sharing for the purpose of this agreement is dependent upon the

individual service user being informed that their LCR will be created and understand how and when their PCD will be used, who it will be shared with, and are aware of their rights in that respect and what actions they should take if they have any concerns or wish to exercise their right to object.

5.3 The agreed approach is to ensure all Leeds residents are informed via a

series of planned city-wide communications, which gives people the opportunity to opt-out of the programme if they so choose.


8

5.4 Communications materials, including fair processing notices and leaflets are provided in the LCR Communications Toolkit, a copy of which is available at www.leedscarerecord.org.

5.5 An individual’s decision to opt-out of the LCR will be respected. 5.6 LTHT will manage the opt-out process on behalf of the signatory partners. A

service user’s request to opt-out will be actioned and confirmed in writing, which includes an explanation as to the impact the decision will have on the individual’s care.

5.7 There is a dependency upon each separate organisation and GP Practice to

ensure the service users they are responsible for have been adequately informed and time has been allowed for them to consider their options and register their request to opt-out prior to their LCR being accessed.

5.8 Because there is a risk that the service user may not be aware of the LCR or

have had an opportunity to register their dissent prior to it being made available to the care team, staff are advised to ask the service user if they are aware that their LCR has been created and do they have any objections to it being viewed prior to their record being accessed. This is referred to as “Approval to view” and is a recommended precautionary measure during the LCR roll-out stages.

6. The Purpose(s) for Information Sharing 6.1 Information should be shared between authorised health and social care

professionals and their teams with whom the individual has a legitimate relationship where it is necessary for the purpose of their direct care.

6.2 “Direct care” is defined as a clinical, social, or public health activity

concerned with the prevention, investigation and treatment of illness and the alleviation of suffering of individuals (all activities that contribute to the diagnosis, care and treatment of an individual) 5. It includes:

Assessment of need and the development of care plans;

Provision of health care, social care and support;

The management of outcomes;

The local audit or assurance of the quality of care provided;

The management of untoward incidents;

The investigation of complaints

5 Health and Social Care Information Centre Confidentiality Guidance for Health and Social Care -

references

http://www.leedscarerecord.org/


9

6.3 It does not include research, teaching, financial audit, service management activities or risk stratification.

6.4 Data will be effectively anonymised6 for any other purpose that does not

constitute a “direct care” purpose (a secondary purpose), unless the individual service user has provided their explicit consent or another lawful basis can be applied to support the justifiable use of that PCD.

7. The Types of Information to be shared 7.1 Only information that is necessary, relevant and proportionate to the direct

care purpose will be shared. 7.2 A schedule of information items to satisfy this aim will be developed, agreed

by the signatory partners and subsequently issued as Appendix B to this Agreement.

6 In accordance with the Information Commissioner’s Anonymisation Code of Practice, published in

November 2012


10

8. Information Excluded from the LCR: 8.1 Information of a highly sensitive nature will not be shared routinely via the

LCR, which includes:

Legally restricted data i.e.

IVF, fertility treatment and Embryology7;.

HIV/AIDS;

Venereal disease and STI’s8;

Gender realignment9

Sensitive data that patients would not expect to be routinely disclosed i.e.

Termination of pregnancy;

Gender identity

Specific information collected during an enquiry into safeguarding concerns

Carer records

Service user financial status

This list is not exclusive and will be further considered and completed during the development of the information sharing schedule (part 7 Appendix B).

8.2 This does not prohibit the information from being shared outside the LCR.

Information sharing agreements that cover the sharing of information for these purposes should be followed.

7 Restricted by the Human Fertilisation Act 1990 as amended by the Human Fertilisation and

Embryology (Disclosure of Information) Act 1992 8 NHS Trusts and Primary Care Trusts (Sexually Transmitted Diseases) Directions 2000

9 Gender Recognition Act 2004


11

9. Restrictions on the use of Information 9.1 All shared information, personal or otherwise, must only be used where it is

necessary, relevant and proportionate for the purpose of direct care and in accordance with the service user’s expectations (as explained in the LCR communications programme) and specified in this agreement.

9.2 Exceptions to this are only applicable when the disclosure is mandated by

statute or regulation, under the instructions of a court or via obtaining the explicit consent of the service user.

9.3 Any further uses made of this data will not be covered by the Agreement

and will be in breach of the Agreement and at risk of being unlawful. This would be managed in accordance with each partner organisations local incident management policies and procedures.

10. Access to information 10.1 Authorised Health and Social Care Staff Access to the LCR will be provided to health and social care professionals and their teams involved in the provision of direct care to service users and controlled in accordance with the LCR Access Management policy and procedure, developed by the LIB Information Governance Sub-group, agreed by the LCR Project Board and issued as Appendix C of this Agreement.10 LTHT will manage the user access management procedures, including the registration and de-registration of access, on behalf of the LCR partners. 10.2 Individual service users The DPA provides an individual with a right of access to their personal data (subject access rights).11 It is the responsibility of each individual partner agency to manage subject access requests for the personal information they hold. If LTHT receive a subject access request for LCR data, they will refer the service user to the relevant organisation. 10.3 Access to PCD for non-direct care purposes

10

This is currently under development by the LIB Information Governance Sub-group and will be issued as a supplementary appendix to this agreement when approved. 11

DPA section 7.


12

10.3.1 Only professionals directly involved in the provision of direct care

should see an individual’s confidential identifiable information held in the LCR.

10.3.2 Identifiable information should not be accessed directly by, or passed

to a third party, unless the individual service user has been informed and given their explicit consent (which is recorded as evidence), or another legal basis can be applied to support that disclosure.

10.3.3 Where another legal basis does apply, the individual service user

concerned must be informed of the intention to disclosure, unless to do so would cause harm (either to the individual themselves or put another person at risk) or it would be detrimental for the purpose (i.e. it would prejudice the prevention or detection of a serious crime).

10.3.4 Any decision to disclose information about a service user for a non-

direct care purpose (e.g. because the information is required by a court order/statute or there is an overriding public interest in doing so), must only be made by the organisation responsible for that information on a case-by-case basis, seeking additional legal or other specialist advice where appropriate.

10.3.5 If LTHT receive a request for PCD for a non-direct care purpose, they

will refer the requestor to the relevant organisation. 10.4 Requests for Access to non-PCD Information

10.4.1 The procedure for managing requests for information, including requests made under the Freedom of Information Act 2000, will be documented and approved by the LCR Project Board.12

10.4.2 LTHT will manage requests for information concerning the LCR in

accordance with the approved LCR Access Management policy and procedure (see 10.1) on behalf of the LCR partner agencies.

12

As part of the LCR Access Management policy under 7


13

11. Data Protection Act 11.1 Data Controllers

11.1.1 In the terms of the DPA a Data Controller works alone, jointly or in common with other data controllers, depending on the circumstances of the data processing activity.13

11.1.2 Each Health and Social Care partner is an individual Data Controller

and is alone legally responsible for ensuring their processing of PCD is done fairly and lawfully in compliance with the Data Protection Principles.

11.1.3 Any processing of personal data undertaken by a Data Controller and

their staff, is undertaken in their own right and each Data Controller party to this Agreement is not liable for the actions of another.

11.1.4 The DPA conditions for processing are listed in Appendix D.

11.1.5 The Data Controllers work jointly to decide and agree the policy

under which the LCR will operate.

11.1.6 The Data Controllers work in common sharing the pool of information held in the LCR, which they process independently of each other under the terms of this Agreement and in accordance with the law.

11.2 Data Processor

11.2.1 LTHT is a Data Controller in respect of the personal data held about their patients.

11.2.2 LTHT also acts as the Data Processor in respect of their duties in the

provision and hosting of the LCR service and the management functions outlined in this document.

11.3 The Seventh Principle

11.3.1 The Seventh Data Protection Principle requires appropriate technical and organisational measures to be in place to protect personal data from unauthorised or unlawful processing and against accidental loss, destruction or damage.

13

DPA Part 1 Section 4(4)


14

11.3.2 In particular, where a Data Controller enters into an arrangement with a Data Processor to process personal data on their behalf, that arrangement must be supported by a written contract.

11.3.3 Each Data Controller party to this Agreement must also have a

supporting Data Controller/Data Processor Contract in place, which sets out the legal arrangements for LTHT to act as the Data Processor for the LCR on behalf of the Data Controller partner to ensure compliance with the DPA.

12. Information Governance Agreement 12.1 An objective of this Agreement is to provide assurance that all parties will

work to the same level of information governance standards. 12.2 This is measured through the annual self-assessment audit against the

service-specific standards set out in the Information Governance Toolkit (IGT).

12.3 In particular, to support the LCR Information Sharing agreement, it is the

responsibility of each partner to:

Identify a named individual(s) who takes responsibility for this Agreement on behalf of the partner organisation;

Identify a named individual to act as the organisation’s central point of contact to support the operation of LCR information sharing;

Have procedures and policies in place to ensure:

Staff (including temporary staff, agency staff, secondees, contractors, students, placements and volunteers) who have access to the LCR have been trained and understand their legal and contractual duties for the protection and use of confidential information;

Organisational and technical security measures protect the integrity, confidentiality and reliability of PCD held in the LCR e.g. via documented access controls, contracts of employment, codes of conduct, information governance policies and education and training programmes;

Information is of a quality fit for the purpose for which it is to be used; including being complete, accurate and up to date, otherwise any decision based on the information may be flawed and inappropriate actions may result;


15

Policies and procedures are in place to detect, report, investigate and manage personal data breach incidents,14 which include provisions for informing the Information Commissioner’s Office and the data subject(s) as appropriate;

Appropriate Human Resources procedures are in place to deal with staff responsible for a personal data breach incident and all staff are made fully aware of those procedures;

Procedures are in place and published to deal with individual service user’s rights i.e. procedures for dealing with requests for access to personal data, right to information, right to object to certain data sharing, queries and complaints.

13. Information Sharing Agreement 13.1 All partners agree to uphold the common law duty of confidentiality, the DPA

and Human Rights Act 1998 and ensure PCD is shared fairly, lawfully and responsibly in accordance with the Caldicott Principles and HSCIC Confidentiality Code of Practice (when published).

13.2 All partners agree to implement the LCR fair processing communications

toolkit without exception to support fair and lawful information sharing for integrated care purposes.

13.3 All partners agree to publish this agreement in addition to other fair

processing information to support openness and transparency.15 13.4 All partners agree to work together to establish and implement technical and

organisational policies and procedures that support the sharing of PCD in accordance with this Agreement.

14

The Independent Information Governance Review Panel recommended the term “personal data breach incident” to be used as the standard term for health and social care services to cover ‘data losses’, ‘personal data breaches’ and ‘information governance serious incidents’ etc. See Glossary. 15

Fair processing is a requirement of the first DPA principle (fair and lawful).


16

14. Responsibility for this Agreement 14.1 Each partner takes responsibility for ensuring the application of the terms

and conditions of this Agreement within their organisation. 14.2 The LCR Project Board will take responsibility for ensuring the overall

management of this Agreement, including its continual monitoring, revision and updates.

14.3 Additional supporting materials, such as policy, procedure or subsequent

amendments to this Agreement will only be approved by the LCR Project Board following consultation with all signatory partner organisations and issued as agreed supplementary appendices.

14.4 This Agreement will be subject to a formal annual review by the LCR Project

Board, taking into consideration:

non-compliance issues with this Agreement, logged and reported by any party (including complaints arising from information sharing);

non-compliance with any supplemental policies, procedures and guidelines, logged and reported by any party (including complaints arising from information sharing);

any general difficulties encountered in applying this Agreement, logged and reported by any party.

14.5 An earlier review may be necessary to take changes in the law and/or

national policy into account. The LCR Project Board will be advised by the LIB Information Governance Sub-group of any such change and will decide whether or not a formal review is required. All signatory parties will be advised accordingly.


17

15. Signatories, Publication and Review This Agreement shall be signed on behalf of each party by its Caldicott Guardian. This Agreement will be published in accordance with the terms of the Freedom of Information Act 2000. This Agreement may be executed in counterparts, each of which shall be deemed to be an original document but all of which taken together shall constitute one single agreement between the Parties.

On behalf of Leeds and York Partnership NHS Foundation Trust, the following authorised signatories agree to the terms set out in this Agreement. Name: Dr Jim Isherwood Designation: Medical Director & Caldicott Guardian Signature: __________________________________ Date: _________________ Organisation Address: Trust HQ, 2150 Thorpe Park, Century Way, Colton, Leeds LS15 8ZB The following person will act as the organisation’s central point of contact for matters concerning this Agreement: Name: Mr Carl Starbuck Contact details: 2nd Floor, North Wing, St Marys House, St Martins View, Chapel Allerton, Leeds LS7 3LA Email: [email protected] Telephone: 0113 855 771

mailto:[email protected]


18

Glossary: Anonymisation: The process of removing identifiers from a set of data so that there is little or no risk of the individual being identified from that data or by matching it to other data (identification is not likely to take place). Caldicott Guardian: A senior person within an organisation who is responsible for ensuring the protection of confidentiality of patient and service-user information and enabling appropriate information sharing. Consent: The approval or agreement for something to happen after consideration. For consent to be legally valid, the individual must be informed, must have the capacity to make the decision in question and must give consent voluntarily. This means individuals should know and understand how their information is to be used and shared (there should be ‘no surprises’) and they should understand the implications of their decision, particularly where refusing to allow information to be shared is likely to affect the care they receive. This applies to both explicit and implied consent. Data Controller: (DPA Part 1 Section 1) A person (individual or organisation) who determines the purposes for which and the manner in which any PCD are or will be processed. Data controllers must ensure that any processing of personal data for which they are responsible complies with the DPA. Identifiable Information: also Personal Data, Confidential Data etc. See ‘PCD’. Information Governance (IG): How organisations manage the way information and data are handled within the health and social care system in England. It covers the collection, use, access and decommissioning as well as requirements and standards organisations and their suppliers need to achieve to fulfil the obligations that information is handled legally, securely, efficiently, effectively and in a manner which maintains public trust. Personal Confidential Data (PCD): This term describes personal information about identified or identifiable individuals, which should be kept private or secret. ‘Personal’ includes the DPA definition of personal data, but it is adapted to include deceased as well as living people. ‘Confidential’ includes both information ‘given in confidence’ and ‘that which is owed a duty of confidence’ and is adapted to include ‘sensitive’ as defined in the Data Protection Act. Personal data: (DPA Part 1 Section 1) Data which relate to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of, the Data Controller, and includes any expression of opinion about the individual and any indication of the intentions of the Data Controller or any other person in respect of the individual.


19

Personal data breach incident: A data breach is any failure to meet the requirements of the Data Protection Act. This includes unlawful disclosure or misuse of confidential data, recording or sharing of inaccurate data and inappropriate invasion of people’s privacy. It includes paper-based information (such as a letter going to the wrong address) as well as electronic data. (Source: Independent Information Governance Review Department of Health March 2013). Processing: (DPA Part 1 Section 1) Processing in relation to information or data means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including:

organisation, adaptation or alteration of the information or data;

retrieval, consultation or use of the information or data;

disclosure of the information or data by transmission, dissemination or otherwise making available; or

alignment, combination, blocking, erasure or destruction of the information or data.

Pseudonymisation: Data in which individuals are distinguished through the use of a unique identifier, which does not reveal their ‘real world’ identity, but identity can be determined by reversing the process. It is considered to be anonymised data where the recipient of the pseudonymised data set has no means of access to the algorithmic key to re-identify individuals.

Sensitive Personal Data/Information: (DPA Part 1 Section 2) Data that identifies a living individual consisting of information as to his or her: racial or ethnic origin, political opinions, religious beliefs or other beliefs of a similar nature, membership of a trade union, physical or mental health or condition, sexual life, convictions, legal proceedings against the individual or allegations of offences committed by the individual. See also ‘PCD’.

Appendix A:

List of GP Practices signed up to this Agreement

GP Practice Address Telephone Date


21

Appendix B

Information Schedule (The categories of information to be shared and excluded from the LCR)

Information being shared

Data LTHT GP

Demographic and contact details Yes Yes

Medications No Yes

Allergies No Yes

Diagnoses Yes Yes

Known problems / issues Yes Yes

Procedures Yes Yes

Test Results Yes No

Clinical documents Yes No

Medical Observations Yes No

Care Plans Yes No

Appointments Yes No

Information being excluded Please see section 8


22

Appendix C

LCR Access Management Policy & Procedure

LCR Access Model v2.0.docx


23

Appendix D

The Data Protection Act Conditions for Processing for the Purposes of the First Principle.

The First Data Protection Principle requires personal data to be processed fairly and lawfully and in particular it should not be processed unless:

a. at least one of the conditions in Schedule 2 is met and, b. in the case of sensitive personal data, at least one of the conditions in

Schedule 3 is also met. Fairly The requirement to process PCD fairly will be met by informing service users within Leeds about the LCR, the benefits and their right to opt-out by using the fair processing materials provided in the LCR Communications Toolkit. In addition to this commitment to transparency, PCD will only be shared where it is necessary, relevant and proportionate for the purpose of direct care in accordance with the service user’s expectations and specified in this Agreement. Lawfully Each organisation party to this Agreement is established to provide health care or social care services to the local population. Each organisation will ensure that their processing of PCD is fair and lawful, taking into account their respective duties under the common law duty of confidence, the principles of the DPA and the Human Rights Act 1998. Schedule 2 Condition 5: The processing is necessary (b) for the exercise of any functions

conferred by any person by or under any enactment, or (c) for the exercise of any functions of the Crown, a Minister of the Crown or a government department (i.e. public authority).

Schedule 3 Social Care: Condition 7 (b) For the exercise of any functions conferred on any person by or under an enactment


24

Health: Condition 8 (1) The processing is necessary for medical purposes and is undertaken by a) a health professional, or

b) a person who in the circumstances owes a duty of confidentiality which is equivalent to that which would arise if that person were a health professional

-----END-----

dated: 15th may 2014 information sharing agreement for the ... · information sharing agreement for...

Documents